I am a fan of Christmas – it's a great time of the year, lots of good food, good friends and good catchups. But as a web host and WordPress designer, it's also a time of year that makes me nervous. It's hacker time! Each and every Christmas and Easter brings about a sharp spike in hacking and malicious activity around the world.
Hackers know that people are busy, distracted (maybe a little tipsy?) and have their minds elsewhere over the holiday periods, and use this time to attack sites vigorously.
It's estimated that worldwide, over 30,000 websites get hacked each and every day. Given such a large percentage of sites are built using the WordPress platform – as high as 75% – you can assume that 20,000 or so WordPress sites are compromised, each and every day. Which is a very sobering statistic.
Most hacks are attributed to “hacking bots”, which are essentially scripts (kind of like a software program) on a remote server somewhere around the globe that probe thousands of sites to see if a particular vulnerability is present – if found, these bots either alert the hacker, who can then maliciously damage the site, or in some cases the bot will actually do the damage itself. The good news with this sort of attack is that it's very generic. It will look for known plugins which are insecure, and target those as a means to access the site.
Plugin related vulnerabilities
It's estimated that at least 98% of WordPress hacks are due to insecure plugins – which is why it's vital your site is kept up to date.
Updating WordPress is not complicated – but it must be done regularly, and it must be done carefully.
How do I update WordPress Plugins?
The update process is fairly straightforward, but there are some steps you should follow before commencing – see next section.
To perform your updates or check to see what is pending, follow the steps below:
- Access your WordPress website's administrator page, which is normally located under www.[your-domain-name]/wp-admin.
- Log in with your admin username and password. (You can do a password reset from this page if needed).
- Once logged in, hover over the DASHBOARD item at the top of the administrator menu, and then click on UPDATES from the pop up menu.
- On the updates page you will see a list of all plugins pending an update. Check what version you are going to upgrade to and identify if it's a minor or major update (see below for info).
- Once happy to proceed, tick the box next to this plugin.
- Repeat step 4 for each plugin and then click on UPDATE PLUGINS.
What else do I need to know?
8 times out of 10, updating WordPress is straightforward and painless – but those 2 times it’s not can be a nightmare! Your entire site can be taken offline, damaged badly or perhaps just throw all your beautiful alignments out of whack.
Below is a bit of a checklist for when you are updating your WordPress plugins:
- Backup. A backup of the site is a must do, before you proceed with any updates. Either do this via cPanel or a plugin such as Updraft or similar. A secure WordPress Host will generally offer backups at server level – but we would suggest taking your own backups prior to doing any updates.
- Check plugin version. The update page will show both a current version and new version. Smaller updates, for example version 1.1.2 to 1.1.5, or even 1.2.2 to 1.3.1, can generally be safely upgraded. But for major WordPress plugin updates, such as 1.2 to 2.2, we would suggest checking the developer's site to see if there are any potential issues.
- Check the site. Check for and be prepared for issues! We would suggest allowing time to resolve any potential issues – so don’t update the site when you are about to run out the door to your Christmas party! A thorough check of the site is highly recommended, in case an issue has developed.
- PHP Versions: PHP is the software a server runs to load your WordPress site. A lot of hosts offer multiple PHP versions these days (including Ed Hostings Range of WordPress Hosting plans). Be aware of how to update your PHP version via cPanel, or have your host's contact details handy in case you need to go from an early version of PHP to a more current version post updates.
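The "check plugin version" step above can be scripted when a site has many pending updates. The following is an added example, not part of the original article: it sorts pending updates into minor and major using the rule above (a change in the first version number counts as major) and flags anything it cannot compare for a manual look. It assumes a CSV with the columns that WP-CLI's `wp plugin list --update=available --fields=name,version,update_version --format=csv` exports; the plugin names and versions are constructed.

```python
import csv
import io

# Constructed sample input: plugin names and versions are made up.
SAMPLE_CSV = """name,version,update_version
example-forms,1.1.2,1.1.5
example-gallery,1.2.2,1.3.1
example-shop,1.2,2.2
example-seo,3.9.4,4.0
example-beta,2.0-beta1,2.0
"""

def parse_version(text):
    """Turn '1.3.1' into (1, 3, 1); return None if a part has no leading digits."""
    numbers = []
    for part in text.strip().split("."):
        digits = ""
        for ch in part:
            if not ch.isdigit():
                break
            digits += ch
        if not digits:
            return None
        numbers.append(int(digits))
    return tuple(numbers)

def classify(current, new):
    """Return 'minor', 'major' or 'review' for one pending update."""
    cur, nxt = parse_version(current), parse_version(new)
    if cur is None or nxt is None:
        return "review"          # unparseable version string
    width = max(len(cur), len(nxt))
    cur += (0,) * (width - len(cur))
    nxt += (0,) * (width - len(nxt))
    if nxt <= cur:
        return "review"          # not a clear increase (e.g. pre-release suffix)
    return "major" if nxt[0] > cur[0] else "minor"

def triage(csv_text):
    """Classify every row of a name,version,update_version CSV."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["name"], r["version"], r["update_version"],
             classify(r["version"], r["update_version"])) for r in rows]

if __name__ == "__main__":
    for name, cur, new, verdict in triage(SAMPLE_CSV):
        print(f"{verdict:<7} {name}: {cur} -> {new}")
```

Updates marked `major` or `review` are the ones to look up on the developer's site before ticking the box.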